- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mbs:mbs_stg"

- name: make the box be real
  hosts: mbs:mbs_stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
  - base
  - rkhunter
  - nagios_client
  - hosts
  # openvpn on the prod frontend nodes
  - { role: openvpn/client, when: "'mbs_frontend' in group_names and datacenter == 'iad2'" }
  - ipa/client
  - rsyncd
  - sudo
  - collectd/base

  tasks:
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: Set up apache on the frontend MBS API app
  hosts: mbs_frontend:mbs_frontend_stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
  - mod_wsgi

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: set up fedmsg configuration and common mbs files
  hosts: mbs:mbs_stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - fedmsg/base
  - mbs/common

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: deploy the frontend MBS API app
  hosts: mbs_frontend:mbs_frontend_stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
  - mbs/frontend

  post_tasks:
  # Shouldn't be necessary after this change makes it out
  # https://src.fedoraproject.org/rpms/module-build-service/c/d19515a7c053aa90cddccd5e10a5615b773a7bd2
  - name: Make sure fedmsg-hub isn't running on the frontend.
    service:
      name: fedmsg-hub
      state: stopped
      enabled: false
    tags:
    - mbs
    - mbs/frontend

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: deploy the backend MBS scheduler daemon
  hosts: mbs_backend:mbs_backend_stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
  - role: keytab/service
    service: mbs
    owner_user: fedmsg
    host: "mbs{{env_suffix}}.fedoraproject.org"
  - role: fedmsg/hub
    tags: fedmsg/hub
  - role: collectd/fedmsg-service
    process: fedmsg-hub
  # Amazingly, there isn't need for a mbs/backend role.  The fedmsg/hub role
  # along with mbs/common is enough.
  #- mbs/backend

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
